Passkeys now available for passwordless sign-in and 2FA on GitLab

GitLab now supports passkeys for passwordless sign-in and phishing-resistant two-factor authentication.

• •Passkeys authenticate using device biometrics (fingerprint, face recognition) or PIN, with no password required
• •Built on WebAuthn and public-key cryptography: private key stays on device, only public key stored on GitLab
• •Even if GitLab is compromised, stored credentials cannot be used to access accounts
• •Supported on major desktop browsers (Chrome, Firefox, Safari, Edge), iOS 16+, Android 9+, and FIDO2 hardware keys
• •Part of GitLab's commitment to the CISA Secure by Design Pledge to increase MFA adoption

This summary was automatically generated by AI based on the original article and may not be fully accurate.